Manalyze report for ff5c4049c0e75a90d7d594e3fcbbe20746a882388508b92bc9170a081b0091b5

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Jan-06 02:10:40
Debug artifacts	C:\Users\BzzzThe18th\Desktop\Master-Work-Folder\GT\Apps\MonkeModManager\MonkeModManager\obj\Release\MonkeModManager.pdb
Comments
CompanyName
FileDescription	MonkeModManager
FileVersion	`1.3.0`
InternalName	MonkeModManager.exe
LegalCopyright	Copyright Â© 2021
LegalTrademarks
OriginalFilename	MonkeModManager.exe
ProductName	MonkeModManager
ProductVersion	`1.3.0`
Assembly Version	1.3.0.0

Plugin Output

Info	Matching compiler(s):	`.NET executable -> Microsoft`
Info	Interesting strings found in the binary:	Contains domain names: api.github.com github.com githubusercontent.com https://api.github.com https://api.github.com/repos/ https://discord.gg https://github.com https://gorillatagmodding.burrito.software https://gorillatagmodding.burrito.software/ https://raw.githubusercontent.com https://raw.githubusercontent.com/BzzzThe18th/MonkeModInfo/master/groupinfo.json https://raw.githubusercontent.com/BzzzThe18th/MonkeModInfo/master/modinfo.json https://raw.githubusercontent.com/BzzzThe18th/MonkeModManager/master/update.txt raw.githubusercontent.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	VirusTotal score: 4/71 (Scanned on 2026-03-27 14:03:59)	`Kaspersky: Trojan-PSW.MSIL.Stealer.bnj` `Rising: Stealer.Agent!8.C2 (CLOUD)` `Tencent: Malware.Win32.Gencirc.14a82759` `alibabacloud: Trojan[stealer]:MSIL/Stealer.blQ`

Hashes

MD5	`a6a5a8473858b8cbdef37d4be463ca34`
SHA1	`35c3582d3badf847ba775169742b43ed53fea7ee`
SHA256	`ff5c4049c0e75a90d7d594e3fcbbe20746a882388508b92bc9170a081b0091b5`
SHA3	`eaff051d358d217fae3d288ab49f1a7062b5a6fdb34f74a6779e656ac56cef1d`
SSDeep	`3072:wAT65wV1QP05VFt/FMaIyEzE090HbJekvkF23P88RaF23P88RgoE090XaD:wATRVVFt9kzE09YbJZsWPKWPHE097D`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2024-Jan-06 02:10:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x2ce00`
SizeOfInitializedData	`0x11a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0002E8AA (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x30000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x44000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e0489b33267f5e041b6885eeb34cfb0d`
SHA1	`90ff3c42fb024fa12b64493ced7d934de2541a4c`
SHA256	`1bb40f2110a3b61f74394ab7cf4a46122708e32e590606c56b70ad93644ddba2`
SHA3	`afaa92e8d53107cf33c5d60eae6ce6455efe5b9dde75aa2c3174c82da23a8768`
VirtualSize	`0x2ccb0`
VirtualAddress	`0x2000`
SizeOfRawData	`0x2ce00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.08051`

.rsrc

MD5	`d7bf3048c4fd7df6267b7b3c7c7a06a0`
SHA1	`eee0f5a20adbc843bb9acef840df5d5cbe6539d7`
SHA256	`4a6287bd3f63d1e9fef2760db3fe915e65139c209879fd7ae2610a4954fb2622`
SHA3	`736bb38885486df72035d71555fb6d4209677fea2917931bf96043d6efb4c268`
VirtualSize	`0x117ec`
VirtualAddress	`0x30000`
SizeOfRawData	`0x11800`
PointerToRawData	`0x2d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.72464`

.reloc

MD5	`cc6015371f7ae57d75e3291a0ae464b3`
SHA1	`3ae87c93e39140db45803b40b1cfeba06b623033`
SHA256	`485d3003d8a44aaea43dc5dbfdcdc0e63b1725e188c8ad0ff44dd2539e17ba1a`
SHA3	`fe1710e62b4e975d922ddb7b189ff8e0d506dabb983854277904822d385bf798`
VirtualSize	`0xc`
VirtualAddress	`0x42000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48391`
MD5	`db96f5d17cc59e493aa64a49825fa422`
SHA1	`d1da6f16a12b1f40ec5e34facf47d6159b4e51cb`
SHA256	`41616009bfe130d442799d4889d26a2a76553815c6672bc16ad3d4942b924907`
SHA3	`3757389c0ffa073220721aa4e7881942411bc66fa2299a946e5d429c047b74e6`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.98048`
Detected Filetype	Icon file
MD5	`38388dda6548693f4d42f2241a4218d7`
SHA1	`78bedd12a20f97e31e58742381f3d0ca1edb4715`
SHA256	`cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba`
SHA3	`9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x344`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30964`
MD5	`8c424fe3b9b5c980516361259b56ccfb`
SHA1	`a6a415ebe879506ea9d10c885525635a517ba723`
SHA256	`8ff1ac807d54efcca90de77c01cfedda17838adde9b4520b1d2c51b21420af32`
SHA3	`77ae141fc9a291b296951600ea3adec77e7174d9a37a4b6b523bd0edef37aae4`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb36`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04092`
MD5	`153678fe0d535dc68f07dd30adbad9dd`
SHA1	`e2b171a089f09539b83f8ba38b35cbfd4369ed54`
SHA256	`5811f5b5366d07326392387112550e64865eb10c6ef4ca6a677c77efb8374bbd`
SHA3	`625117f8550a9d35da37e1e74534204c7ce214768f87e273034df00a68e536be`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.3.0.0
ProductVersion	1.3.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	MonkeModManager
FileVersion (#2)	1.3.0
InternalName	MonkeModManager.exe
LegalCopyright	Copyright Â© 2021
LegalTrademarks
OriginalFilename	MonkeModManager.exe
ProductName	MonkeModManager
ProductVersion (#2)	1.3.0
Assembly Version	1.3.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Jan-06 02:10:40
Version	`0.0`
SizeofData	`284`
AddressOfRawData	`0x2e73c`
PointerToRawData	`0x2c93c`
Referenced File	C:\Users\BzzzThe18th\Desktop\Master-Work-Folder\GT\Apps\MonkeModManager\MonkeModManager\obj\Release\MonkeModManager.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.